Database of private messages and password data may be in the wild, admins warn.

Just hours after it played a supporting role in the takedown of the Silk Road drug empire, the Bitcointalk.org website suffered a hack that exposed users' personal messages, e-mails, and password data.

"To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in 2013 to be insecure," an e-mail sent to registered users stated. "If you used this password on a different site, change it. When the Bitcoin Forum returns, change your password."

User passwords were cryptographically protected using 7,500 rounds of the SHA256crypt hash function, Bitcoin Talk administrator Theymos said in a forum on reddit. That's a significant measure that could add decades or even centuries to the task of cracking passcodes that are at least nine characters and randomly generated. Still, the hack could be damaging to the privacy of users who stored sensitive communications on the site. Bitcoin Talk administrators are in the process of figuring out how the compromise happened and don't plan to restore service until after the security hole is plugged.
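Because the article's reassurance rests on what 7,500 rounds of SHA256crypt actually cost, here is an added Python transcription of the published sha256crypt algorithm (Drepper's specification) with a matching verifier; it is example code added here, not code from Bitcoin Talk or its forum software. The one assumption beyond the spec is that the `rounds=` field is written only when it differs from the default 5000. The cost loop is the point: every candidate password, whether checked by the server or by someone working through a leaked table, costs the same 7,500 SHA-256 computations.

```python
import hashlib
import hmac

# Crypt-style base64 alphabet and digest byte order, both from the sha256crypt spec.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ORDER = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
         (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]

def _repeat(block: bytes, length: int) -> bytes:
    return (block * (length // 32 + 1))[:length]   # stretch a 32-byte digest to `length` bytes

def _b64(b2: int, b1: int, b0: int, n: int) -> str:
    w, out = (b2 << 16) | (b1 << 8) | b0, ""      # 24-bit group, low 6 bits emitted first
    for _ in range(n):
        out, w = out + ITOA64[w & 0x3F], w >> 6
    return out

def sha256crypt(password: bytes, salt: str, rounds: int = 5000) -> str:
    """Return '$5$[rounds=N$]salt$hash' per Drepper's sha256crypt specification."""
    salt_b = salt[:16].encode()                     # salt is capped at 16 characters
    rounds = max(1000, min(rounds, 999_999_999))    # the spec clamps the round count
    b = hashlib.sha256(password + salt_b + password).digest()
    a = hashlib.sha256(password + salt_b)
    a.update(_repeat(b, len(password)))
    n = len(password)                               # walk the bits of len(password)
    while n:
        a.update(b if n & 1 else password)
        n >>= 1
    a = a.digest()
    p = _repeat(hashlib.sha256(password * len(password)).digest(), len(password))
    s = _repeat(hashlib.sha256(salt_b * (16 + a[0])).digest(), len(salt_b))
    c = a
    for r in range(rounds):                         # cost loop: rounds=7500 means 7,500 SHA-256 calls
        h = hashlib.sha256(p if r & 1 else c)
        if r % 3:
            h.update(s)
        if r % 7:
            h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()
    enc = "".join(_b64(c[i], c[j], c[k], 4) for i, j, k in ORDER) + _b64(0, c[31], c[30], 3)
    prefix = "$5$" + (f"rounds={rounds}$" if rounds != 5000 else "")   # assumption: omit the default
    return prefix + salt_b.decode() + "$" + enc

def verify(password: bytes, stored: str) -> bool:
    """Re-derive the hash from a stored '$5$[rounds=N$]salt$hash' and compare in constant time."""
    parts = stored.split("$")
    if len(parts) < 4 or parts[1] != "5":
        return False
    rounds = int(parts.pop(2)[7:]) if parts[2].startswith("rounds=") else 5000
    return hmac.compare_digest(sha256crypt(password, parts[2], rounds).rsplit("$", 1)[1], parts[3])
```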

People who visited the site after it was hacked were greeted by cartoon images of missiles set to Tchaikovsky's 1812 Overture. A pop-up caption at one point read: "Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye."

Bitcoin Talk was one of the sites on which alleged Silk Road kingpin Ross William Ulbricht used his real identity to post messages. Federal prosecutors cited the post, which solicited an "IT pro in the Bitcoin community" to work on a venture-backed startup, as evidence that Ulbricht was the same person who went by the handle "Dread Pirate Roberts" and ran the $1.2 billion Silk Road bazaar.

When are we gonna wake up? Regardless of how convenient the Web is, the fact of the matter is that it is NOT safe by any stretch. Between the world's governments and worldwide "hackers" (poor use of that term IMHO), nothing is secure, EVER. Passwords need to be kept secure ON YOUR OWN MACHINES, ENCRYPTED, and changed at least weekly if not more often. Use of a program like "Keep Password Safe" with local storage is mandatory. Trust NOTHING in the "cloud". It's all hanging out in the breeze for anyone to get at.

While the cryptocurrency community might be the community best equipped for cracking the passwords, it still doesn't look like it was the incentive for the hack, since the defacement ensured that everyone knew something was up instantly. This gave the users ample time to change their passwords if they were using the same ones elsewhere, long before any of the passwords could practically have been cracked. In my opinion, the target must have been the private messages, or sending the bitcoin price further down so the person behind it could either short it or obtain cheap coins.

A service that arranged $1.2 billion worth of drug trades in less than two years is an empire.

No, the Roman Empire was an empire; it claimed much of the known world. The US could be considered an empire, as it has/had most of the world's military power. The 2 things these 2 empires have in common? They commanded a huge majority, or at least a significant share of the total worldwide #'s. Same goes for Rupert Murdoch's media "empire"; it is such because it commands a huge proportion of the world's news media.

Silk Road on the other hand, 1.2 billion in an industry that as a whole accounts for 100's of billions a year in total sales? Yeah, not so much of an empire at all. Marijuana alone, in the US ONLY, accounts for a billion a year. 1.2 billion acting as a sales intermediary for the cartels, the true "empires" of the drug world, is hardly an "empire". I think you greatly underestimate the scale and size of the worldwide desire to self-medicate in one form or another.

Based on the defacement video it looks like a case of “because we could”.

I can’t imagine how the hack would have captured any Bitcoins, and shorting Bitcoins only works if you have them already or can find someone to lend you some; the protocol does not allow naked short selling. Depressing the price in order to purchase cheap coins is a possibility; however, this was a message board and not the Bitcoin network infrastructure, so it should have minimal effects.

The forum was hacked long before today; there were some topics there of users that have websites related to bitcoins, which they advertised in their signature, being hacked.

A lot of websites related to bitcoins were hacked, and most of these users were posting there. How come? Probably because the forums were penetrated for a long time and those users had similar login data in their forum account as on their websites.

It's not a coincidence that several bitcoin sites whose users were on that forum were hacked left and right in the last weeks, and now their whole forum.

The hacker there was actually contacting website owners, telling them to send him XX bitcoins or he would release their data, showing some leaks as proof. He was blackmailing users that had bitcoin-related websites.

This must be the same person or persons involved now in the forum hack. They just decided to take it down today but it was probably already compromised for some time now.

What we are learning more and more from the Internet is that HTML is coming back in a huge way.

Static HTML pages without databases or PHP or any language are not prone to hacks. If you want to stay on the clean side, just use static files like it was 1997 again.

Absolutely all of these hacks are done by exploiting something in the website, not in the server itself, but in the code or database, which then lets them escalate privileges.

From what I gather this is the same person/group using the same unpatched exploit as the Cosby Coin that happened 2 years ago.

After collecting ~$10,000 a month in advertising and over a half-million dollars in buttcoin donations to upgrade the forum software Theymos (bitcointalk owner) still hasn't upgraded the forum.

So yeah, "Because we can, for the lulz, that's what you get for collecting a giant fucking pile of money to upgrade your forum yet insist on sticking with an outdated SMF installation with known security holes, and just think what somebody could do to your little forum if they were actually serious."

Will this finally convince Theymos to take that giant pile of "money" and upgrade the forum software? Magic 8-ball says "Don't count on it."

This is wrong. If a 2 year old exploit was used, why has nobody claimed the 50 btc ($5500) bounty for explaining what happened?

Mmmm, maybe because Theymos won't pay the bounty on something he claims to have patched already? It could have something to do with the patch being undone because at least one of the idiot admins on bitcointalk didn't bother to change his password after the last hack. There's no guarantee he'd even pay if you pointed out the exact patch he needed to apply. Remember, this is a guy who A: has been sitting on $500,000 of buttcoins instead of updating the forum software and B: Theymos thinks every version of software past 1.0 is less secure than the prior version!

Let's see, what else? Oh, right. Don't assume everybody is motivated by greed like the typical buttcoiner. We have a saying: "Don't touch the poop."

Is Theymos the same fellow called Martti Malmi? From what I am reading on other forums, this fellow is a scammer (even ran a romance scam?)

Quote:

Martti Malmi Gay Romance Scam Revealed in Court Documents

The romance scam is the cruelest, meanest kind of scam, especially when targeted at the LGBT (Lesbian, Gay, Bisexual, Transgender) community, which has only recently found its voice. The gay romance scam typically relieves affluent, older men of their cash, their self-esteem and their hopes for true love. The gay love scam is increasing at an alarming rate across the globe. In Finland, as 48-year-old Thomas Weiner discovered when he flew from New York to Helsinki to pay bitcoin scammer / computer hacker Martti Malmi 2500 euros for a Helsinki matchmaking tour as part of gay pride world wide, a non-profit organization partially funded by the United States State Department, scammers that prey on gays are cashing in using the same tactics employed by Russian "Natasha" scam artists. In the complaint filed in the southern district court of New York by Weiner's attorney, Malmi absconded with the cash but did not deliver the tour as agreed.